Where Is My Private Key?

The private key is not sent when you submit your CSR to SSL.com, and neither SSL.com nor anyone else should ever have access to your private key.

If a private key is ever lost or otherwise compromised, you can simply generate a new CSR/private key pair and reprocess the certificate order.

When generating a CSR/private key pair you’ll use either your local machine or the server you’d like to install the certificate files onto.

  • Certificate Signing Request (CSR): Encoded message containing a public key that has been digitally signed using a corresponding private key.
  • Private Key: The .key file used to digitally sign a CSR or other encoded message.
  • Public Key: Contained within a CSR or signed server certificate along with many other relevant items.(i.e. Common Name, SAN entries, Organization)
  • Subject Alternative Name (SAN): The extension of the X.509 certificate standard used to protect multiple host names under a single SSL/TLS certificate.

More information concerning the public/private key pair can be found here.